CVE-2020-6187 - Vulnerability Details - OpenCVE

SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Netweaver Guided Procedures

Configuration 1 [-]

OR	cpe:2.3:a:sap:netweaver_guided_procedures:7.10:::::::*
	cpe:2.3:a:sap:netweaver_guided_procedures:7.11:::::::*
	cpe:2.3:a:sap:netweaver_guided_procedures:7.20:::::::*
	cpe:2.3:a:sap:netweaver_guided_procedures:7.30:::::::*
	cpe:2.3:a:sap:netweaver_guided_procedures:7.31:::::::*
	cpe:2.3:a:sap:netweaver_guided_procedures:7.40:::::::*
	cpe:2.3:a:sap:netweaver_guided_procedures:7.50:::::::*

No data.

References

Link	Providers
https://launchpad.support.sap.com/#/notes/2864415
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2020-02-12T19:45:46

Updated: 2024-08-04T08:55:21.848Z

Reserved: 2020-01-08T00:00:00

Link: CVE-2020-6187

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-02-12T20:15:14.307

Modified: 2024-11-21T05:35:15.740

Link: CVE-2020-6187

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver (Guided Procedures)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "= 7.10"}, {"status": "affected", "version": "= 7.11"}, {"status": "affected", "version": "= 7.20"}, {"status": "affected", "version": "= 7.30"}, {"status": "affected", "version": "= 7.31"}, {"status": "affected", "version": "= 7.40"}, {"status": "affected", "version": "= 7.50"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Missing XML Validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-12T19:45:46", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2864415"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2020-6187", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver (Guided Procedures)", "version": {"version_data": [{"version_name": "=", "version_value": "7.10"}, {"version_name": "=", "version_value": "7.11"}, {"version_name": "=", "version_value": "7.20"}, {"version_name": "=", "version_value": "7.30"}, {"version_name": "=", "version_value": "7.31"}, {"version_name": "=", "version_value": "7.40"}, {"version_name": "=", "version_value": "7.50"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service."}]}, "impact": {"cvss": {"baseScore": "4.9", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Missing XML Validation"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"}, {"name": "https://launchpad.support.sap.com/#/notes/2864415", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2864415"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:55:21.848Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2864415"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2020-6187", "datePublished": "2020-02-12T19:45:46", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2024-08-04T08:55:21.848Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "06CA0A75-184C-42FC-A1FD-19545165A380", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.11:*:*:*:*:*:*:*", "matchCriteriaId": "E8675178-A73D-49C7-BD5D-85431EF9912C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.20:*:*:*:*:*:*:*", "matchCriteriaId": "21D40F4E-E064-4120-99EE-5108094F768A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.30:*:*:*:*:*:*:*", "matchCriteriaId": "402FF7B9-8F4D-48D4-917B-C22A1AA03CB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "68707EF8-8FD7-42C1-B5D0-223B716EDB9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.40:*:*:*:*:*:*:*", "matchCriteriaId": "FC69EB62-C662-468B-9490-CF72210F5A55", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.50:*:*:*:*:*:*:*", "matchCriteriaId": "A2B90227-A617-4C0D-B787-FF989B3BA12D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service."}, {"lang": "es", "value": "SAP NetWeaver (Guided Procedures), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no comprueba suficientemente la entrada de un documento XML de un administrador comprometido, conllevando a una Denegaci\u00f3n de Servicio."}], "id": "CVE-2020-6187", "lastModified": "2024-11-21T05:35:15.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-12T20:15:14.307", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2864415"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2864415"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}